Note that the "by anonymous auth" overrides the "by * none" if you're
not bound. Of course "auth" doesn't mean "compare" so you should not
be allowed to compare a password, as results from your self-reply.
Pierangelo.
PS: use the ITS to submit your work http://www.openldap.org/its